A security researcher has revealed the consequences of the recent data breach at 23andMe, a prominent U.S. biotechnology and genetic testing firm.
Following the 23andMe data breach, information belonging to more than 1.3 million Ashkenazi Jewish and Chinese users has been compromised.
This revelation follows 23andMe’s earlier dismissal of claims on a hacking forum where data from nearly 7 million users was being sold as “misleading,” suggesting that the information had been obtained not through direct hacking of its systems but rather from credentials leaked in previous cyberattacks.
What Data is Compromised?
The compromised data from 23andme data breach included users’ names, genders, birth years, ancestral heritage results, maternal and paternal genetic markers, profile and account numbers, and details related to opt-ins for 23andMe health data.
Additionally, the researcher pointed out that exposed 23andMe profile IDs could potentially grant access to other types of information. Expressing concern over the breach, the researcher noted that 23andMe’s apparent downplaying of the incident was alarming, especially considering that the hacker claimed to possess more unreleased data.
The 23andme Data Breach
Biotechnology firm 23andMe, known for its genetic testing and genealogy services, recently disclosed a data breach resulting from a credential stuffing attack. The cyberattack specifically appeared to target users of Ashkenazi Jewish heritage, raising alarms within the affected community.
The breach came to light on October 6, when 23andMe published a statement on its website detailing the incident. According to the company, “certain 23andMe customer profile information that customers had opted into sharing through our DNA Relatives feature was compiled from individual 23andMe.com accounts without the account users’ authorization.”
In the wake of the 23andme data breach, the biotechnology firm acknowledged that the malicious actors had managed to access information from specific accounts, including details about users’ DNA Relatives profiles.
This information encompassed personal data such as first and last names, gender, email addresses, dates of birth, geographical locations, and 23andMe’s evaluations of their genetic heritage, including ancestral origins.
What made the 23andme data breach particularly alarming was the fact that the attackers targeted accounts where users had recycled login credentials.
This form of attack, known as credential stuffing, involves malicious actors using login credentials exposed in previous data breaches to gain unauthorized access to other accounts held by the victims of those breaches.
By “stuffing” stolen credentials into the login portals of various websites, attackers hope to exploit reused passwords and gain access to additional accounts.
Investigation Underway Post 23andme Data Breach
In response to the breach, 23andMe swiftly initiated an investigation into the matter and urged its users to take immediate action. The company advised customers to change their passwords to strong, unique ones and to enable multi-factor authentication on their 23andMe accounts to enhance security.
The motives behind the 23andme cyberattack appeared to be more targeted than initially thought. Dark web posts linked to the alleged hacker suggested that the breach may have specifically aimed at Ashkenazi Jews.
The malicious actor responsible for the 23andme data breach later shared information allegedly stolen during the credential stuffing attack on a well-known dark web hacking forum called BreachForums. In their post, the actor claimed to have uploaded a database containing data from “1 million Ashkenazi” individuals.
Impact of 23andme Data Breach
What added to the gravity of the situation was the sale of data packs by the threat actor. These data packs reportedly contained highly personalized information, including ethnic groupings, individualized data sets, precise origin estimations, haplogroup details, phenotype information, photographs, links to potential relatives, and critically, raw data profiles.
The prices for these datasets, as outlined by the malicious actor, were as follows:
- 100 profiles for US$1,000
- 1,000 profiles for $5,000
- 10,000 profiles for $20,000
- 100,000 profiles for $100,000
Furthermore, the actor boasted that these profiles encompassed “DNA profiles of millions, ranging from the world’s top business magnates to dynasties often whispered about in conspiracy theories,” and each dataset included corresponding email addresses.
In a disheartening confirmation, 23andMe verified the legitimacy of the data leaked by the malicious actor in their forum post, underscoring the severity of the breach and its potential repercussions.
This incident serves as a stark reminder of the importance of robust cybersecurity practices, not only for organizations like 23andMe but also for individuals who must exercise vigilance in securing their personal information in an increasingly interconnected digital world.
The breach, specifically targeting a community based on heritage, highlights the need for heightened cybersecurity awareness and proactive measures to protect sensitive data.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
